Bridget doesn't play nicely with CentOS' firewall
Bridget doesn't play nicely with the CentOS (and probably RHEL) firewall by default, as it sets the policy on the FORWARD chain to DROP. This, I believe, can be fixed by including the 'firewall' CNI plugin in the CNI script.
I think you need to add something like:
    "plugins": [
      {
        "type": "firewall"
      }
    ]
I've done some more research into this, and it seems this is the correct configuration to use (I also had to rename the CNI file to a .conflist):
    {
      "name": "bridget",
      "cniVersion": "0.4.0",
      "plugins": [{
        "type": "bridge",
        "bridge": "cbr0",
        "ipMasq": true,
        "mtu": 1500,
        "ipam": {
          "type": "host-local",
          "subnet": "10.244.0.0/16",
          "rangeStart": "10.244.0.2",
          "rangeEnd": "10.244.0.254",
          "gateway": "10.244.0.1",
          "routes": [
            { "dst": "0.0.0.0/0" }
          ]
        }
      },{
        "type": "firewall"
      }]
    }
However, this is incompatible with the version of Kubernetes I have installed (v1.15), so I'm unable to test it completely. This is due to Kubernetes v1.15 only supporting CNI up to v0.3.1, and the firewall plugin requires v0.4.0 for some reason.
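A pre-deployment check for the three conditions this report runs into (plugin list versus file name, missing firewall plugin, and cniVersion versus what the runtime accepts), as an added example that is not part of the original issue or the Bridget project. The function name `lint_cni`, the file name `10-bridget.conflist`, and the default version limits (taken from the statements in the post) are assumptions.

```python
import json

# Constructed sample: the conflist from the post above, abbreviated.
SAMPLE = """
{
  "name": "bridget",
  "cniVersion": "0.4.0",
  "plugins": [
    {"type": "bridge", "bridge": "cbr0", "ipMasq": true},
    {"type": "firewall"}
  ]
}
"""

def _ver(s):
    """Turn '0.3.1' into (0, 3, 1) so versions compare numerically."""
    return tuple(int(p) for p in s.split("."))

def lint_cni(text, filename, runtime_max="0.3.1", firewall_min="0.4.0"):
    """Return a list of findings for one CNI config file.

    runtime_max and firewall_min default to the values reported in the post
    (Kubernetes v1.15 and the firewall plugin); treat them as assumptions.
    """
    cfg = json.loads(text)
    findings = []
    chained = "plugins" in cfg
    if chained and not filename.endswith(".conflist"):
        findings.append("plugin list present but file is not named .conflist")
    if not chained and filename.endswith(".conflist"):
        findings.append(".conflist file has no 'plugins' list")
    # A single-plugin .conf carries "type" at the top level.
    plugins = cfg["plugins"] if chained else [cfg]
    types = [p.get("type") for p in plugins]
    # Assumption: a config without cniVersion is treated as 0.1.0.
    version = cfg.get("cniVersion", "0.1.0")
    if "bridge" in types and "firewall" not in types:
        findings.append("no firewall plugin chained after bridge; a FORWARD policy of DROP may block pod traffic")
    if "firewall" in types and _ver(version) < _ver(firewall_min):
        findings.append(f"firewall plugin needs cniVersion >= {firewall_min}, file declares {version}")
    if _ver(version) > _ver(runtime_max):
        findings.append(f"cniVersion {version} exceeds runtime maximum {runtime_max}")
    return findings

if __name__ == "__main__":
    for finding in lint_cni(SAMPLE, "10-bridget.conflist"):
        print("WARN:", finding)
```

With the defaults, the sample reproduces the conflict described in the post: the firewall plugin is present, but the declared cniVersion is above what the runtime accepts.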